Top CyberSecurity News For 30th April 2016

  1. Windows GodMode Abused by Malware. From Softpedia. Security researchers at McAfee Labs have come across a new malware family that is abusing a secret Easter Egg in Microsoft Windows called “GodMode.” GodMode consists of a piece of code that Microsoft left inside Windows since Vista that allows users to create a folder, give it a specific name, and automatically transforming it into a container that lists all the shortcuts to all the Control Panel settings. Nobody knows how GodMode panels came to be, but most likely they were used by Microsoft’s staff for debugging purposes.

  2. Group Helping Canada Research How Not to Get Hacked Was Itself HackedFrom ViceNews.  A Canadian non-profit group that has been working with the federal government to research how companies can guard against cyber crimes was itself defaced by an infamous hacker that supports the Islamic State. The attack, claimed by “Don-2”, who has already hacked and defaced a websites from China and India, targeted the Information and Communications Technology Council of Canada and appears to have vandalized the site with messages denouncing Canada’s expansion into the Middle East, including in “Shubra” an area in Egypt. Canadian peacekeepers are currently stationed in the Sinai.

  3. Cyber security Bill nears implementationFrom ITWeb. The South African Government’s highly-criticised national Cyber Crimes and Cyber Security Bill (cyber security Bill) will “shortly be taken through the Parliamentary process ahead of implementation”.This is the word from minister in the State Security Agency (SSA), David Mahlobo, who delivered his budget vote speech this week, and said the cyber security Bill had been completed and presented to Cabinet.

  4. Iran expands cyber warfare forces, attacks critical Western infrastructure. From Debka. Amid Iran’s recent demonstration of its military capabilities including the test-firing of ballistic missiles, which have drawn harsh criticism in the West and resulted in economic sanctions, a group of cyber warfare experts under the direct command of Iran’s Revolutionary Guard Corps has significantly increased its operations in recent months. The fingerprints of the hacker organization that calls itself “Rocket Kitten”, whose IP addresses lead directly to Iranian army command, were discovered again on Tuesday, this time within the computer control system of one of the most sensitive infrastructure facilities in Central Europe.
  5. Cybersecurity Is Top Concern of IEEE Members. From DesignNews. A new survey of hot technologies from IEEE Computer Society members and non-members from technology companies finds that cybersecurity ranked number one among all industry segments. Fully, 56% to 58% of respondents said cybersecurity is having the greatest impact on their industry.

 

 

 

 

 

Top CyberSecurity News For 29th April 2016

  1. Former Tor developer created malware for the FBI to hack Tor users. From Daily Dot. How does the U.S. government beat Tor, the anonymity software used by millions of people around the world? By hiring someone with experience on the inside. A former Tor Project developer created malware for the Federal Bureau of Investigation that allowed agents to unmask users of the anonymity software.
  2. German nuclear plant infected with computer viruses, operator says. From Reuters. A nuclear power plant in Germany has been found to be infected with computer viruses, but they appear not to have posed a threat to the facility’s operations because it is isolated from the Internet, the station’s operator said on Tuesday. The Gundremmingen plant, located about 120 km (75 miles) northwest of Munich, is run by the German utility RW.

  3. Philippine central bank says foiled attempts to hack its website. From Reuters. The Philippine central bank has foiled attempts to hack its website, its governor said on Thursday amid a warning from global financial network SWIFT about recent multiple cyber fraud incidents targeting its system. SWIFT’S disclosure came as law enforcement authorities in Bangladesh and elsewhere investigated the February cyber theft of $81 million from the Bangladesh central bank account at the New York Federal Reserve Bank.

  4. Qatar National Bank investigating alleged data hack. From Reuters. Qatar National Bank, the largest lender in the Middle East and Africa by assets, is investigating an alleged security breach of data posted online this week that revealed the names and passwords of a large number of customers. A 1.5GB trove of leaked documents includes the bank details, telephone numbers and dates of birth of several journalists for satellite broadcaster Al-Jazeera, supposed members of the ruling al-Thani family and government and defense officials, Doha News website reported.

  5. How These Mormon Women Became Some of the Best Cybersecurity Hackers in the U.S. From Reuters. Sarah Cunha and Laura Wilkinson, two seniors at Brigham Young University, didn’t make it to graduation this year. Instead, the two women spent their grad weekend, April 22-24, fighting hackers and defending a network from malware attacks at the 2016 National Collegiate Cyber Defense Championship (NCCDC). The NCCDC, already in its 11th year, is the Olympics of college-level cyber defense. To qualify for one of the ten slots in the national competition, a school must first beat out all the local competition in a regional showdown.

Top CyberSecurity News For 28th April 2016

  1. If you use Waze, hackers can stalk youFrom Fusion.net. Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of “ghost drivers” that can monitor the drivers around them—an exploit that could be used to track Waze users in real-time. They proved it to me by tracking my own movements around San Francisco and Las Vegas over a three-day period.

  2. Meet the malware that screwed a Bangladeshi bank out of $81mFrom The Register.  February’s hack against Bangladesh’s central bank that netted $81m in diverted funds is one of the biggest cyber heists of all time. Now researchers think they’ve found the malware that did it. A sample of the software nasty was obtained by researchers at defense contractors BAE Systems. The malware appears to have been custom built to use the global SWIFT (Society for Worldwide Interbank Financial Telecommunication) system and its Alliance Access backend.
  3. RuMMS Android Malware Attacks via SMS Spam, Steals Money from Bank Accounts. From Softpedia. Security researchers have discovered a new Android malware family that’s being spread using SMS spam messages and has been secretly stealing money from victims’ bank accounts after infecting their devices. At the time of writing, this malware family which FireEye researchers have named RuMMS has targeted only users living in Russia. The first infections hit users on January 18 and have continued until late April.
  4. National Infrastructure Attacks Mark Ominous Milestone for Cyber Security From InfoSecurity Magazine. Hundreds of thousands of homes across western Ukraine were suddenly left without power last December after a massive blackout. Though power was eventually restored, this event should serve as a wake up call for governments around the world, not just because of the severity, but due to the cause .
  5. Amazon force-resets some account passwords, citing password leakFrom ZDNet. Amazon has force-reset an unknown number of accounts, after passwords may have been compromised. A number of readers told ZDNet they received an email from Amazon saying the company has reset their account password. The message was also sent to their account message center on Amazon.com, and Amazon.co.uk, confirming the message is genuine.

Top CyberSecurity News For 27th April 2016

1. U.S. Cyberattacks Target ISIS in a New Line of Combat. From NYTimes. The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons.

2. Cybersecurity Threats Are Real: You And Your Organization Could Be In Danger. From Forbes. When board members were asked about the amount of knowledge they had on cybersecurity, less than 20% had a high level, 65% had some and 15% had little knowledge. During the webinar, over 50% were dissatisfied with the quality of information provided to the board by management pertaining to cybersecurity and IT risk.

3. The future of the NIST Cybersecurity Framework. From IApp.Org. On April 5-7, the National Institute of Science and Technology hosted a Workshop on its “Framework for Improving Critical Infrastructure Cybersecurity.” The workshop was extremely well-attended, with more than 900 registrants and hundreds more attending by webcast. It was preceded by a NIST request for information, which prompted 105 responses, many from industry associations representing hundreds of companies.

4. Aligning Cybersecurity with Corporate Culture. From Wall Street Journal. Creating a “cybersecurity culture” means instilling in employees an acute sensitivity to cyber risks and arming them with knowledge and tools to mitigate these threats. Tightly linking cybersecurity to the day-to-day work environment could vastly improve organizations’ security posture.

5. Singtel launches first-of-its-kind cyber security institute in Asia Pacific. From Straits Times. Telco Singtel on Tuesday (April 26) launched its Cyber Security Institute (CSI), a hybrid between an advanced cyber range and an educational institute. It is the first-of-its-kind in the region to test and train companies in dealing with sophisticated cyber threats. Housed in a permanent space of over 10,000 sq ft in the eastern part of Singapore, the institute provides cyber skills development and education programmes tailored to the varying needs of company boards, C-suite management, technology and operational staff.

 

Top Cybersecurity News For 26th April 2016

  1. Hackers Have Launched a War Against the KKK. From EpochTimes. Over the course of the last couple months, websites belonging to the KKK flicked off and on, members of the hate group have had their identities posted online, and their recruiting efforts have been attacked. This has been the work of several hacker collectives, including Anonymous and BinarySec, under a loosely-coordinated operation they’re calling #OpKKK.
  2. The Latest Data Breach Involves The Voting Records Of 93.4 Million Mexican Citizens. From Yahoo News. Yet another data breach has grabbed international headlines, and this one involves the voting registration records of some 93.4 million Mexican citizens. On April 14, Chris Vickery of MacKeeper discovered that he was able to access a tome of information, including names, birth dates, home addresses, ID numbers, and more, all on an unprotected Amazon cloud server.
  3. This one chart explains why cybersecurity is so necessary. From TrueViralNews (Infographic From BI Intelligence)cybersecurity20infographic

  4. Church website hacked by alleged terrorist group. From Fox17 West Michigan. A church in West Michigan is trying to figure out why their website was a target for hackers over the weekend. An alleged terrorist group is taking credit for hacking Lamont Christian Reformed Church’s website. It was 15-year old Elizabeth Storteboom who discovered the website was hacked. Friday night instead of the churches website she read “You have been hacked by the United Cyber Caliphate”, a group that claims to be a cyber army for the Islamic State.

  5. Vancouver student expelled for hacking high school email system. From Fox19 Cincinnati. A Vancouver Public School District spokesperson said Skyview High School email system was hacked early Tuesday morning by a student. Communications Director Patricia Nuzzo said the student was “emergency expelled” until appropriate disciplinary action can be determined.

Top Cybersecurity News For 25th April 2016

  1. How an email sparked a squabble over Chinese-owned Lenovo’s role at Pentagon. From Washington Post. Ever since Chinese computer maker Lenovo spent billions of dollars to acquire IBM’s personal-computer and server businesses, some lawmakers have called on federal agencies to stop using the company’s equipment out of concerns over Chinese spying. But an email circulated within the Air Force appeared to indicate Lenovo being kicked out.
  2. A Brief History Of Ransomware. From DarkReading. The rise in ransomware extortion as a reliable weapon for cybercriminals to make the most of victims’ system vulnerabilities has now spanned the better part of a decade. But the last year has seen hockey stick growth as attackers perfected their methods and targeted victims. At this point ransomware has established itself as $60 million a year criminal enterprise, with that number sure to rise as the income is funneled into improving the next ransomware generation.

  3. FireEye Threat Intelligence Review. From SC Magazine (2015). This is an extremely powerful system for gathering, analyzing and acting on cyberthreat intelligence. The wealth of available data is impressive and FireEye is an experienced player with a heavy recorded history of data going back 10 years or more. We do wish, however, that this wealth of analytical power was readily available as a standalone service for threat analysts who are not necessarily part of a network defense team.
  4. Interview: Security and scalability of the IoT in business. From ITProPortal.
    We spoke to Klaus Gheri, VP and GM of Network Security at Barracuda Networks about the challenge of securing IoT devices in industry and the tools being developed to overcome IoT barriers to adoption.
  5. Transportation Official: Cybersecurity Rules May Be Needed for Cars.  From MorningConsult. The head of the National Highway Traffic Safety Administration told a House panel Thursday that his agency may need to craft rules to enhance cybersecurity as more vehicles are connected to the internet. “You need some best practices, and potentially rules, to establish certain kinds of hard protections in things,” NHTSA Administrator Michael Rosekind said.

     

Top Cybersecurity News For 24th April 2016

  1. 70 customers duped in cyber hacking of bank. From Times Of India. An internal inquiry by Bank of Baroda (BoB), has found that at least 70 customers from various parts of the Uttar Pradesh state were duped in March. So far, 373 fraudulent transactions adding up to about Rs 10.67 lakh (USD 18,000) have been detected in what could be the biggest cyber heist in India.

  2. Hacking Risks Found in US Army’s $12 Billion Mobile Network. From NewsMax. A $12 billion mobile Internet network that the U.S. Army is using in Iraq, Afghanistan, and Africa has significant cyber-security vulnerabilities that were found in combat testing.
  3. Number of DDoS Bots That Can Bypass Mitigation Tools Rises to 36 Percent. From Softpedia. During the first three months of the year, DDoS protection firm Imperva observed a series of interesting trends regarding the DDoS landscape. According to the company’s latest quarterly report, both network layer and application layer attacks grew in size and sophistication.
  4. Massive Philippines data breach now searchable online. From Wired. A website called wehaveyourdata.com that claims to contain the full database of hacked Filipino voter data has appeared online. The hacking of the Philippines’s voter registration system and database is believed to be the biggest data breach in government history, with more than 55 million people affected.
  5. Facebook bug hunter stumbles on backdoor left by… another bug hunter. From ITWorld. When Orange Tsai set out to participate in Facebook’s bug bounty program in February, he successfully managed to gain access to one of Facebook’s corporate servers. But once in, he realized other hackers had beaten him to it.The backdoor script stole Facebook employee credentials from a corporate server.

Top Cybersecurity News For 23rd April 2016

  1. Cyber Security Company SecureWorks Prices Year’s First Tech IPOFrom Fortune. The computer security company is the first tech IPO of 2016. Dell’s cybersecurity unit, SecureWorks, is finally going public in an important test of investor appetite for newly public tech companies amid a cooling market.

  2. Databases Remain Soft Underbelly Of CybersecurityFrom DarkReading. According to a new survey out by Osterman Research of some 200 enterprises, the top three database security issues among enterprises were tracking compromised credentials; the potential for the organization to experience a major data breach; and the inability of the organization to identify data breaches until it was too late to mitigate damage.

  3. DISA: ‘The gloves are off’ in the cyber fight. From FedScoop. The director of DoD’s IT networking agency said hackers are abandoning low profile, espionage-like activity in favor of more brute, albeit virtual, force. The enemy is “kicking in the doors. It’s loud and it’s fast. It’s snatch and grab. The gloves are off. They’re going after senior leaders at their offices and at home. It’s a different world,” Army Lt. Gen. Alan R. Lynn, commander of the Joint Force Headquarters — Department of Defense Information Networks, said.

  4. South Africa losing billions each year to cyber-crimeFrom SABC. South Africa is losing more than R1 billion each year to cyber-crime. That’s according to the South African Banking Risk Information Centre (SABRIC). It says cyber-crime has increased by almost 30% since 2013.
  5. India Still Lucrative Destination For Cyber CriminalsFrom Hindustan Times. Although India has seen a steady decrease in the amount of spam originating from its land, it continues to rank as the third top source of overall malicious activity, including malware, phishing hosts and bots, a new report from Symantec said on Thursday.

Top Cybersecurity News For 22nd April 2016

  1. Rules For Cyberwarfare Still Unclear, Even As U.S. Engages In It. From NPR.  Who’s in charge when the U.S. wages cyberwar? “The chain of command is clear on paper,” says Susan Hennessey, who served as a lawyer at the National Security Agency until November 2015. “It’s much more difficult to understand in practice.”
  2. IBM’s Survey Of The Cybersecurity LandscapeFrom IBM.com. In 2015, 60 percent of all attacks were carried out by insiders, either ones with malicious intent or those who served as inadvertent actors. In other words, they were instigated by people you’d be likely to trust. And they can result in substantial financial and reputational losses.
  3. Boston Cybersecurity Map Shows Deep, Diverse Local Sector. From XConomy. It’s no secret that the Boston area is home to a formidable group of companies related to cybersecurity. Just how big is the local cluster? Xconomy surveyed the landscape and found 63 firms within an hour’s drive of downtown Boston, including locally based companies and outposts of firms based elsewhere.

  4. Tomorrow’s Buildings: Help! My building has been hacked. From BBC. According to Mr Billy Rios, who runs security company Whitescope, there are 50,000 buildings currently connected to the internet – including research facilities, churches and hospitals, and 2,000 of those are online with no password protection.

  5. FBI Warns Farmers About the Dangers of Hackable IoT Farm Equipment. From Softpedia. Farmers who employ Internet-connected and precision farming equipment should be very mindful of the way they configure their devices, the FBI warned in a public statement advisory at the end of March. The Bureau, together with the US Department of Agriculture (USDA), issued the note on March 31, as an alert to the growing threat of IoT security.

Top Cybersecurity News For 21st April 2016

  1. Cybersecurity Is The Greatest Threat Since Atom Bomb Says Apple Co-founder Steve Wozniak. From IB Times. Cybersecurity is the greatest threat the world has faced since the atom bomb, Apple co-founder Steve Wozniak said in an interview with Australian TV news show Lateline. The perceived threat of a cyberattack, he said, is causing as much fear and panic as the Cold War hysteria during his childhood.
  2. Baltimore Cybersecurity Startup Wins Philadelphia Pitch Event. From Baltimore Business Journal. Baltimore cybersecurity  startup RedOwl was the winner of a Philadelphia pitch competition held on April 15th 2016. RedOwl specializes in detecting and protecting against internal system threats. The company’s software tracks employee activity on company databases to identify suspicious activity or changes in behavior that may indicate a threat.

  3. Cybersecurity Competition Boosts Student Interest in STEM Careers. From Navy.mil. The fourth annual Palmetto Cyber Defense Competition (PCDC), hosted by Space and Naval Warfare Systems Center (SSC) Atlantic in collaboration with the South Carolina Lowcountry Chapter of AFCEA, was held April 9-11 at Trident Technical College in North Charleston, South Carolina.
  4. OneSecure Acquired By EvvoLabs, Rebrands As EVVO Cybersecurity. From ChiefIT.me. OneSecure Asia has announced that it has been acquired by EVVO Labs, a provider of innovative cloud, mobile and media solutions, and will be renamed EVVO Cybersecurity. Customers of both companies will be able to experience a wider range of security solutions as well as services offered by EVVO Cybersecurity.
  5. Vast Majority Of Tested Applications Have At Least One Vulnerability: Cyber Security ReportFrom Canadian Underwriter. Cyber criminals are increasingly making use of malware-as-a-service, an issue of concern given that 97% of applications tested by Trustwave in 2015 had at least one vulnerability, note findings from the 2016 Trustwave Global Security Report.